CVE-2023-7327

HIGH NUCLEI

Ozeki SMS Gateway <=10.3.208 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-7327. PoCs published by Ahmet Ümit BAYRAM. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated arbitrary file read vulnerability in Ozeki 10 SMS Gateway 10.3.208 via directory traversal. The PoC uses a curl command to read the 'win.ini' file by exploiting path traversal sequences.

Description

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappsmultiple

https://www.exploit-db.com/exploits/51646

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated arbitrary file read vulnerability in Ozeki 10 SMS Gateway 10.3.208 via directory traversal. The PoC uses a curl command to read the 'win.ini' file by exploiting path traversal sequences.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Ozeki 10 SMS Gateway 10.3.208

No auth needed

Prerequisites: Network access to the target system · Ozeki 10 SMS Gateway running on default or known port

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read

HIGHVERIFIEDby r3Y3r53

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51646

Various Sources product

https://ozeki-sms-gateway.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/ozeki-sms-gateway-unauthenticated-arbitrary-file-read

Scores

CVSS v4 8.7

EPSS 0.1764

EPSS Percentile 95.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

Ozeki Ltd./Ozeki SMS Gateway < 10.3.208

Published Nov 12, 2025

Tracked Since Feb 18, 2026